1. INTRODUCTION

In the four decades since Diffie-Hellman introduced the first key exchange protocol (KEP), many
research works have improved the original KEP in response to newly encountered security issues. This
work explores the security of KEP against timing and relay attacks. A timing attack provides additional
information that an attacker can use to break a cryptographic communication protocol. This attack reveals
cryptographic runtimes during the secret key generation process, which could leak the secret key used in
the KEP. In a relay attack, the attacker relays RF frames over a long distance and can pose as a
legitimate node (device) while the legitimate node is far away. Most relay attacks are applied to
deceive Radio-frequency Identification (RFID) access systems such as door and automotive entry. This
work addresses the most recent KEP by Isa M.A.M et al. [1], in which the authors presented significant
work on proving the security of KEP against various adversary models and its side-channel security.

The paper is organized as follows. This section provides an introduction to this work. Section 2
discusses the original DHKE and its cryptographic primitives. Section 3 revisits the state of the art
in KEP. Section 4 presents an adversary model for the timing attack. Section 5 presents an attack model
for the relay attack. Section 6 discusses the security analysis for the timing and relay attacks.
Section 7 shows the experimental setup for the relay attack as well as the experiment results. Section 8
discusses the results of the relay attack experiment and the timing attack security reduction. Section 9
discusses the contribution of this paper. Lastly, Section 10 concludes the research work done by the
authors and also offers an introduction to the future work.


2. DHKE BACKGROUND 

Diffie-Hellman (1976) introduced the first key distribution protocol [2], which allows a secret to be
shared over insecure networks. The Diffie-Hellman key exchange (DHKE) protocol solved a traditional
banking problem in sharing symmetric keys. Before DHKE, symmetric keys were distributed around the
world by trusted humans; sharing the symmetric keys between banks required people and a physical medium.
At that time, the National Institute of Standards and Technology (NIST) Data Encryption Standard (DES)
was used as the symmetric cryptosystem for banking. Through DHKE, the problem of sharing symmetric keys
in traditional banking is solved. The DHKE (1976) algorithm, or textbook DHKE, is shown in Figure 1.
DHKE relies on the discrete log problem as its foundation of mathematical computational hardness, which
is to find a root in modular arithmetic. The root is the private parameters a and b.

Figure 1. DHKE cryptosystem for exchange asymmetric key


3. RECENT WORKS ON KEY EXCHANGE PROTOCOL 

In the four decades since its introduction, many research works have improved DHKE in response to
newly encountered security issues. Arazi B. [3] (1993) proposed an integration of the key exchange
protocol and the NIST digital signature standard (DSS) for establishing identity assurance for all key
exchange protocol participants. Kocher P.C. [4] (1996) showed a practical side-channel attack on KEP
using a timing attack on cryptographic computation. Raymond et al. (2002) [5] presented a collection of
attacks on the DHKE protocol and guidance on how to securely implement the DH protocol in various
systems. Harn L. et al. (2004) [6] proposed one, two and three rounds of DHKE and digital signature
algorithm (DSA). R.C.W Phan (2005) [7] fixed problems in the three-round DHKE DSA [6] by adding forward
secrecy and key freshness as required in a key exchange standard. Yoon et al. (2009) [8] proposed an
efficient DHKE hash message authentication code (HMAC) with forward secrecy, key independence and
protection against session state reveal attacks. The authors claimed that their technique is more
efficient than that of Jeong I.R. et al. [9]. Viet H.V. et al. (2013) [10] proposed two DHKE DSA
protocols that satisfy seven security attributes for a key exchange protocol to be assumed secure
[10]-[12], namely known key authentication, forward secrecy, known-key security, unknown key-share
attack, key relay attack, key freshness and session-state reveal [10] respectively.

Mandal S. et al. (2014) [13] proposed a multi-party DHKE with perfect forward secrecy using a Trusted
Third Party (TTP). The TTP functions as a group controller for all DHKE participants. Gola K.K. et al.
(2015) [14] proposed a secure DHKE by implementing RSA encryption and decryption on DHKE secrets.
Fathirad I. et al. (2016) [15] revisited DHKE commercial protocols for various network attacks such as
man-in-the-middle, digital certificate (parameters on TLS/DTLS), signature on TLS/DTLS/IKEv2, signature
on SSH and TLS/DTLS, pre-shared key on TLS/DTLS, MAC on IPsec (IKEv2), EAP and third-party server on
IKEv2, cached shared secret or SAS on ZRTP, DoS and reply respectively. Francillon et al. (2011) [16]
from ETH Zurich showed practical experiments that can be used to fool AKS through relay attacks using
large timing delays for long distances and multiple relays for radio-hopping relays at long distances.
The most recent work was done by Isa M.A.M. et al. (2017) [1], whereby a chain of KEP with relay attack
detection is used to secure the communication session between automotive (car) and keyfob (owner). The
cryptosystem was designed and proved by referring to the methods by Viet [10], Yoon [8], Jeong [28] and
Harn [6]. The proposed KEP by Isa [1] can be used to secure symmetric encryption in networked systems
[17]-[19].


4. ADVERSARY MODEL FOR TIMING ATTACK 

The paper introduces an adversary model using an indistinguishability experiment with timing attacks
on KEP. In this adversary model, the adversary has adaptive indistinguishability knowledge and timing
knowledge that are accessible through an oracle. This model allows the adversary to access identical
computing resources in terms of computing hardware (e.g. CPU). The adversary is given the knowledge of
time $t_i$, being the duration to perform cryptographic computations (e.g. primitive computation and
protocol execution). Furthermore, the adversary has the knowledge of the network transmission delay for
all transactions as shown in Figures 2 and 3.


Protocol $\Pi = (E, P)$; Let $b = \{0,1\}$; Experiment (input: random $b$)

Figure 2. Indistinguishability experiment with timing attacks on KEP

Figure 3. A relay attack (one relay) between a key fob and car

For the indistinguishability experiment, the Adversary will send two pairs of public parameters
$P(A_0, B_0)$ and $P(A_1, B_1)$ to the Challenger. Referring to Figure 2, the Challenger will compute
key exchanges $k_0$ and $k_1$, and the cryptographic computational timings $t_0$ and $t_1$ for both
public parameters $P(A_0, B_0)$ and $P(A_1, B_1)$. Then the Challenger will randomly choose either $k_0$
or $k_1$ as the challenged key $k^*$. Altogether, $k^*$, $t_0$ and $t_1$ are sent to the Adversary. The
Adversary needs to distinguish whether the key $k^*$ is $k_0$ or $k_1$ with the additional information
of timings $t_0$ and $t_1$. If the probability of guessing the correct key $k^*$ is greater than
$\frac{1}{2}$ as shown in Figure 3, then it can be concluded that the Adversary has the “advantage” and
the given protocol $\Pi$ is considered not secure in terms of the indistinguishability experiment.


5. RELAY ATTACK 

This section presents the relay attack by an experiment between a key fob and car. To mount the relay
attack, an adversary sets up at least one radio frequency (RF) relay between the key fob and car, which
acts as a man-in-the-middle during security authentication sessions between the key fob and car [16].
The relayed security authentication credentials will authorize the car to be locked or unlocked even
though the car’s owner (with the key fob) is far away from the car. By this attack, the adversary
succeeds in fooling the automotive keyless systems (AKS) using one or more RF relay nodes as shown in
Figures 3 and 4. The adversary makes no attempt to break the cryptographic encryption key; it is the
relaying of the encrypted RF communication data between the key fob and car that makes the existing AKS
vulnerable to the relay attack.


[Figure 4 diagram; recoverable labels: Owner + Key Fob, Relay 1, Relay 2, Adversary 1, Adversary 2,
x distance, 2x distances, 3x distances]





Figure 4. Adversaries relaying RF signal for long distance 


This paragraph explains the relay attack between the key fob and car as shown in Figure 3. In Step 1,
the car sends public parameter $p_{car_i}$ for session $i$ over RF. The $p_{car_i}$ arrives at the key
fob either without a relay or relayed by the adversary. Without a relay, $p_{car_i}$ arrives at the key
fob with a transmission delay $t_{car_i}$ for x distance. If relayed by the adversary, $p_{car_i}$
arrives at the adversary with a transmission delay $t_{car_i}$ for x distance. The adversary then
forwards $p_{car_i}$ to the key fob with a transmission delay $t'_{car_i}$ for x distance. Therefore the
total transmission delay through the adversary is $t_{car_i} + t'_{car_i}$ for 2x distances. In this
case, the car owner (holding the key fob) is assumed to be unable to see the car at 2x distances. This
gives the adversary an opportunity to mount the relay attack between the car and key fob at the 2x
distances.

In Step 2, the key fob sends public parameter $p_{kfob_i}$ for session $i$ over RF. The $p_{kfob_i}$
arrives at the car either without a relay or relayed by the adversary. Without a relay, $p_{kfob_i}$
arrives at the car with a transmission delay $t_{kfob_i}$ for x distance. If relayed by the adversary,
$p_{kfob_i}$ arrives at the adversary with a transmission delay $t_{kfob_i}$ for x distance. The
adversary then forwards $p_{kfob_i}$ to the car with a transmission delay $t'_{kfob_i}$ for x distance.
Therefore the total transmission delay through the adversary is $t_{kfob_i} + t'_{kfob_i}$ for 2x
distances. The following equations show examples of the RF communication delay without a relay attack
and with a relay attack:

Without relay attack:

$delay_i = t_{car_i} + t_{kfob_i}$

With one relay attack:

$delay'_i = t_{car_i} + t'_{car_i} + t_{kfob_i} + t'_{kfob_i}$


6. SECURITY ANALYSIS 
This section presents the security analysis for timing and relay attacks as follows: 


6.1 Timing Attack

Adversary model: Indistinguishability experiment for key exchange protocol.

Adversary knowledge: $P(A_0, B_0)$, $P(A_1, B_1)$, $P(A_i, B_i)$, $t_0$, $t_1$, $t_i$ and $k_i$.

Adversary limitation: The adversary cannot obtain the challenged keys $k_0$ and $k_1$ for
$P(A_0, B_0)$ and $P(A_1, B_1)$ from the oracle, for a fair indistinguishability experiment.

Oracle key exchange computation: The oracle knows all secret parameters (e.g. $a_i, b_i$) that are
required to compute $k_0, k_1, k_i$ from public parameters $P(A_0, B_0)$, $P(A_1, B_1)$, $P(A_i, B_i)$.
The oracle also shares the timings $t_0, t_1, t_i$ as requested by the Adversary, which gives additional
knowledge to mount the timing attacks.

Security assumptions: 1) the Computational Diffie-Hellman (CDH) problem is hard in the cyclic group
G; 2) the hash function is strongly collision-resistant [20]; and 3) the KEP runtime is fixed for all
inputs of a fixed length to the key exchange function, which runs in polynomial time, whereby the key
exchange function, given any valid inputs of the same length (e.g., $f(101)$ and $f(001)$, where
$|f(101)| = |f(001)|$), has identical runtime or execution under all conditions. The fixed time is based
on the worst-case scenario for computing the KEP runtime.

Security reductions: The problem of finding a key $k^*$ is reduced to the problem of
indistinguishability experiments for large n experiment sessions. The $k^*$ satisfies the
indistinguishability experiments for key exchange protocol if and only if the adversary advantage
$\epsilon(n)$ is negligible for the large n experiment sessions.

Security arguments: By security assumptions 1), 2) and 3), the advantage of a probabilistic
polynomial-time (PPT) adversary is negligible. If the worst-case fixed-time cryptographic computation is
implemented in KEP, the Adversary will not be able to distinguish whether the key $k^*$ is $k_0$ or
$k_1$ with the additional information of timings $t_0$ and $t_1$. The worst-case fixed-time
cryptographic computations render the Adversary's capability to mount timing attacks on the KEP
implementation almost infeasible, because timings $t_0$ and $t_1$ are not the actual KEP cryptographic
runtimes. Therefore, the Adversary loses the indistinguishability experiment, having only a negligible
advantage.
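
The worst-case fixed-time runtime of security assumption 3 can be illustrated with the following added
example, which is not the authors' implementation: every key-exchange computation is released only at a
fixed deadline, so the observable timings no longer reflect the actual runtimes. The class and function
names, the toy modulus 2^521 - 1 with base 3, and the 50 ms budget are assumptions of this example.

```python
import time

# Toy group for illustration only (assumption of this example): the
# Mersenne prime 2**521 - 1 with base 3. Real deployments use vetted groups.
P = 2**521 - 1
G = 3


class BudgetExceeded(RuntimeError):
    """The computation ran longer than the declared worst case."""


class FixedTimeKEP:
    """Release every key-exchange result at start + budget, never earlier."""

    def __init__(self, budget, clock=time.perf_counter, sleep=time.sleep):
        if budget <= 0:
            raise ValueError("budget must be positive")
        self.budget = budget
        self.clock = clock
        self.sleep = sleep

    def run(self, compute, *args):
        """Return (result, observable_time); observable_time is ~budget."""
        start = self.clock()
        deadline = start + self.budget
        result = compute(*args)
        if self.clock() > deadline:
            # The budget was not the worst case, so the real runtime would
            # show through. Fail closed instead of releasing the key.
            raise BudgetExceeded("raise the budget to the measured worst case")
        remaining = deadline - self.clock()
        while remaining > 0:
            self.sleep(remaining)
            remaining = deadline - self.clock()
        return result, self.clock() - start


def dh_public(private):
    """Textbook DHKE public value: G ** private mod P."""
    return pow(G, private, P)


def dh_shared(peer_public, private):
    """Textbook DHKE shared secret: peer_public ** private mod P."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, P)


if __name__ == "__main__":
    kep = FixedTimeKEP(budget=0.05)
    # Constructed private exponents: one very short, one full length.
    a, b = 0b101, 2**520 + 12345
    A, B = dh_public(a), dh_public(b)
    k0, t0 = kep.run(dh_shared, B, a)
    k1, t1 = kep.run(dh_shared, A, b)
    print(k0 == k1, round(t0, 3), round(t1, 3))
```

Padding to a deadline hides only the end-to-end latency of the computation. The budget has to be measured
as the worst case on the target hardware, otherwise runs fail with BudgetExceeded.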


6.2 Relay Attack 

Attack model: Relay Attack on KEP

Adversary knowledge: $p_{car_i}$ and $p_{kfob_i}$

Relay attack experiment: The Adversary will relay all encrypted RF communication data between the
key fob and car as shown in Figure 3.

Adversary limitation: The Adversary may deploy more than one RF relay node to cover an extensive
distance between the key fob and car, but doing so will introduce more RF transmission delays. It is
also assumed that the adversary cannot access or directly tamper with the key fob and car.

Adversary goal: To lock or unlock the car (or drive away the car) using the relay attack.

Adversary computation: The Adversary will implement store and forward of all encrypted RF
communication data between the key fob and car in one or more RF relay nodes as shown in Figures 3
and 4.

Security assumptions: These are identical to security assumptions 1 to 3 in the timing attack. In
addition to the timing attack security assumptions, 4) any relayed RF communication data between the key
fob and car will introduce RF transmission delays $t'_{car_i}$ and $t'_{kfob_i}$ because of the store
and forward implemented by one or more RF relay nodes. 5) If KEP implements RF communication delay
detection (or RF timeout) between the key fob and car, it can detect the RF transmission delays
$t'_{car_i}$ and $t'_{kfob_i}$ that are introduced by the relay attack node(s), because the worst-case
RF communication delays of the KEP are $t_{car_i}$ and $t_{kfob_i}$.

Security reduction: The problem of relaying KEP RF communication data is reduced to the problem of
not introducing RF transmission delays $t'_{car_i}$ and $t'_{kfob_i}$ between the key fob and car for x
distance. The KEP satisfies the security against relay attack if and only if the Adversary is not able
to lock or unlock the car (or drive away the car) using the relay attack at 2x distance. One may refer
to the RF communication between the key fob and car in the relay attack experiments using the chained
KEP (CKEP) proposed by M.A.M Isa et al. [1], [21], [22] in the next section. There are three
experimental setups for the x distance, namely 1, 2.5 and 5 meters.


7. RELAY ATTACK EXPERIMENT 
7.1 Experiment Setup 

Figure 4 shows the experiment setup for CKEP public parameter exchanges over RF without a relay, with
one relay node and with two relay nodes respectively. This work selected the CKEP proposed by M.A.M Isa
et al. [1], [21], [22] as the KEP for the relay attack experiment. The experiment setup was used to
measure the time of flight (ToF) of RF communication by a round trip time (RTT) distance estimation
method [23], [24]. Table 1 shows the hardware and software used for the relay attack experiment.


Table 1. Hardware and software for relay attack experiment
Testbed Setup | Descriptions
Hardware | Raspberry Pi 2 Model B, 900MHz ARM Cortex-A7 CPU (overclock to 1 GHz), Quad Cores CPU, L1 32 KB (each core) and L2 512 KB (shared) caches and 1GB RAM. Ciseco Slice of Radio: SRF Radio Module with on-board "chip" antenna (Texas Instruments CC1110-CC1111).
Software | Raspbian 8 (Jessie) OS, Linux Kernel 4.4.21-v7+ and Python 3.42.


7.2 Experiment Results 

The results in Figure 5 show that the average propagation delays for 1, 2.5 and 5 meters are
consistent (values very close) across the given simulation distances because “the propagation speed of
radio waves in air approaches the speed of light” [23]. For example, the propagation delay of CKEP
(without relay) is 0.008663 for 1 meter, 0.008542 for 2.5 meters and 0.008588 for 5 meters respectively.
The results show that the propagation delay on RF increases by 101.1% for one relay and by 210.4% for
two relays. The propagation delay on RF allows one to detect that a relay attack is being mounted by one
or more relay nodes. Equation (1) can be used to detect the relay attack between a car and key fob,
whereby an authentication key must be discarded when RRF > WRF. The authentication key (cryptographic
key) is used to lock/unlock the car or start the car engine if the CKEP is successfully verified. In
general, the propagation delay on RF increases by 100% for each relay node, e.g. if three relays are
present, then the RF propagation delay could increase by at least 300%.

Based on the experiment results of the relay attack as shown in Figure 5, if an adversary mounts the
relay attack, then it will introduce the RF communication delay given by the following equation:


RRF > WRF    (1)


Whereby:

RRF is the total time of RF communication (including relayed RF).

WRF is the time of the worst-case CKEP RF communication delay (expected delay).

If (RRF > WRF), then the CKEP authentication key will be discarded and the car is safe from the
relay attack.

Figure 5. The comparison of CCAP communication propagation delay over RF


8. DISCUSSION 

This work has conducted experiments for evaluating the security of KEP against timing and relay
attacks. Referring to the security analysis for the timing attack in Section 4, the fixed-time KEP
runtime (security assumption 3) can be deployed to prevent an attacker(s) from gaining an advantage to
break KEP using a timing attack. Another method to prevent the timing attack is to use blinding in the
KEP cryptographic computation [4], [25]. However, this method will increase the cryptographic
computation runtime compared to the fixed KEP runtime. Blinding creates a different KEP runtime for the
same input parameters, which gives misleading timing information to the attacker mounting the timing
attack. Furthermore, to secure KEP from the relay attack as mentioned in Sections 6 and 7, the runtime
for KEP must be as close as possible to the fixed runtime, because this helps CKEP to detect RF
communication delay when the attacker(s) is deploying RF relay node(s) between car and keyfob. If the
KEP runtime is not fixed, it is difficult to compare the runtime of RF communication without a relay
against relayed RF communication. Referring to the experiment results for the relay attack using CKEP,
when the CKEP runtime is increased by 50%, the CKEP authentication key should be discarded to prevent
the attacker from gaining access to the car. The experiment results have also shown that the propagation
delay on RF communication is increased by 100% for each relay node. This helps in detecting the number
of relay nodes that are being used during the relay attack between car and keyfob.
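
The check of equation (1) and the relay-count estimate discussed above can be written as follows. This
is an added example, not the authors' code: the function names, the `exchange` callable, the unit of
seconds for the reported delays, and the choice WRF = mean no-relay delay x 1.5 (combining equation (1)
with the 50% discard rule) are assumptions of this example.

```python
import time
from dataclasses import dataclass
from statistics import mean

# No-relay CKEP propagation delays the page reports for 1, 2.5 and 5 meters.
# The page gives no unit; seconds are assumed here.
NO_RELAY_SAMPLES = [0.008663, 0.008542, 0.008588]
DISCARD_MARGIN = 0.50     # page: discard the key once the runtime grows by 50%
PER_RELAY_GROWTH = 1.00   # page: about 100% extra delay per relay node


@dataclass(frozen=True)
class Verdict:
    rrf: float             # total measured RF communication time
    wrf: float             # worst-case expected delay without a relay
    increase_pct: float    # growth of RRF over the no-relay baseline
    discard_key: bool      # True when RRF > WRF, equation (1)
    estimated_relays: int  # 0 when the session is accepted


def calibrate(samples, margin=DISCARD_MARGIN):
    """Derive (baseline, WRF) from no-relay measurements.

    Assumption of this example: WRF = mean no-relay delay * (1 + margin).
    """
    if not samples or min(samples) <= 0:
        raise ValueError("need positive no-relay delay samples")
    baseline = mean(samples)
    return baseline, baseline * (1.0 + margin)


def classify(rrf, baseline, wrf):
    """Apply equation (1) to one measured round trip."""
    if rrf <= 0:
        raise ValueError("measured delay must be positive")
    increase = (rrf - baseline) / baseline
    discard = rrf > wrf
    relays = max(1, round(increase / PER_RELAY_GROWTH)) if discard else 0
    return Verdict(rrf, wrf, round(increase * 100, 1), discard, relays)


def authenticate(exchange, baseline, wrf, clock=time.perf_counter):
    """Time one key exchange; return (key or None, Verdict).

    `exchange` is a hypothetical callable that performs the RF round trip
    and returns the session key. The key is dropped when RRF > WRF.
    """
    start = clock()
    key = exchange()
    verdict = classify(clock() - start, baseline, wrf)
    return (None if verdict.discard_key else key), verdict


if __name__ == "__main__":
    baseline, wrf = calibrate(NO_RELAY_SAMPLES)
    # Constructed sessions: direct, one relay (+101.1%), two relays (+210.4%).
    for rrf in (0.008663, baseline * 2.011, baseline * 3.104):
        print(classify(rrf, baseline, wrf))
```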


9. CONTRIBUTION 

This paper has improved KEP security by suggesting a method to detect and prevent both timing and
relay attacks. The fixed-time KEP runtime can help to prevent the timing attack at a low computing cost
compared to the blinding method. Furthermore, the fixed-time KEP runtime (e.g. CKEP) can be used to
detect the relay attack and secure an automotive system against it. This method enables the CKEP to
calculate the RF propagation delay, which indicates whether there are RF relay node(s) between car and
keyfob or direct RF communication between car and keyfob. This will prevent the relay attack that was
successfully tested by the ETH Zurich research lab [16].


10. CONCLUSION 

This paper has revisited the state of the art of KEP, which is presented in Sections 2 and 3. Based on
the review, this work found that none of the preceding works has tested KEP security against the relay
attack on an experimental testbed. This work has presented a method to detect and prevent both timing
and relay attacks in KEP. The fixed-time KEP runtime can be used to detect both attacks. For future
work, the authors will explore other side-channel attacks on KEP such as the power analysis attack.